From 9d808b0347d76183f0b147a39750b869212a172f Mon Sep 17 00:00:00 2001 From: Thierry Laurion <insurgo@riseup.net> Date: Thu, 16 Nov 2023 16:36:16 -0500 Subject: [PATCH] Talos-2: bring changes to a working state outside of usage of GPG key material backup as of now - Closes https://github.com/linuxboot/heads/pull/1452 - coreboot: Take Talos II 0.7 release coreboot config file that was inside of cbfs and use it as a base upstream. - linux: Readd sysctl and proc requirements for cbmem to work. TODO: fix gpg2 module so that the following doesn't happen (a ppc64 thing. Can't figure out why): ``` Adding generated key to current firmware and re-flashing... Board talos-2 detected, continuing... 37281653053696daf2e40a8efe9451b557d9d6ab586830dc85f814bf2e03a05f /tmp/talos-2.rom Initializing Flash Programmer Reading old flash contents. Please wait... Flashing: [##################################################\] (100%) Verifying flash contents. Please wait... The flash contents were verified and the image was flashed correctly. Signing boot files and generating checksums... 180726119: 000E452213510000005A gpg: error running '//bin/dirmngr': probably not installed gpg: failed to start dirmngr '//bin/dirmngr': Configuration error gpg: can't connect to the dirmngr: Configuration error gpg: no default secret key: No dirmngr gpg: signing failed: No dirmngr ``` dirmngr is deactivated per configure statement --disable-dirmngr, and works as expected on x86 Signed-off-by: Thierry Laurion <insurgo@riseup.net> --- config/coreboot-talos-2.config | 5 ++++ config/linux-talos-2.config | 50 +++++++++++++++++++++++++++++++--- modules/coreboot | 2 +- 3 files changed, 52 insertions(+), 5 deletions(-) diff --git a/config/coreboot-talos-2.config b/config/coreboot-talos-2.config index b8b2e0f5..1788a492 100644 --- a/config/coreboot-talos-2.config +++ b/config/coreboot-talos-2.config @@ -1,4 +1,9 @@ CONFIG_VENDOR_RAPTOR_CS=y +CONFIG_MAX_CPUS=2 +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +CONFIG_DRIVER_TPM_I2C_ADDR=0x20 CONFIG_TALOS_2_INFINEON_TPM_1=y +CONFIG_UART_PCI_ADDR=0x0 +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 CONFIG_TPM_LOG_TPM2=y CONFIG_PAYLOAD_SKIBOOT=y diff --git a/config/linux-talos-2.config b/config/linux-talos-2.config index b3f67849..e2be63e4 100644 --- a/config/linux-talos-2.config +++ b/config/linux-talos-2.config @@ -32,7 +32,9 @@ CONFIG_KERNEL_GZIP=y CONFIG_DEFAULT_HOSTNAME="(none)" # CONFIG_SWAP is not set CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y # CONFIG_CROSS_MEMORY_ATTACH is not set # CONFIG_USELIB is not set # CONFIG_AUDIT is not set @@ -139,6 +141,7 @@ CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_HAVE_LD_DEAD_CODE_DATA_ELIMINATION=y # CONFIG_LD_DEAD_CODE_DATA_ELIMINATION is not set +CONFIG_SYSCTL=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_BPF=y CONFIG_EXPERT=y @@ -416,7 +419,12 @@ CONFIG_HAVE_LIVEPATCH=y # Firmware Drivers # # CONFIG_FIRMWARE_MEMMAP is not set -# CONFIG_GOOGLE_FIRMWARE is not set +CONFIG_GOOGLE_FIRMWARE=y +CONFIG_GOOGLE_COREBOOT_TABLE=y +CONFIG_GOOGLE_COREBOOT_CBMEM=y +CONFIG_GOOGLE_MEMCONSOLE=y +CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y +# CONFIG_GOOGLE_VPD is not set CONFIG_EFI_EARLYCON=y # @@ -1233,7 +1241,36 @@ CONFIG_ATA_BMDMA=y CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set # CONFIG_BCACHE is not set -# CONFIG_BLK_DEV_DM is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=y +# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set +CONFIG_DM_BIO_PRISON=y +CONFIG_DM_PERSISTENT_DATA=y +# CONFIG_DM_UNSTRIPED is not set +CONFIG_DM_CRYPT=y +CONFIG_DM_SNAPSHOT=y +CONFIG_DM_THIN_PROVISIONING=y +# CONFIG_DM_CACHE is not set +# CONFIG_DM_WRITECACHE is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_CLONE is not set +# CONFIG_DM_MIRROR is not set +# CONFIG_DM_RAID is not set +# CONFIG_DM_ZERO is not set +# CONFIG_DM_MULTIPATH is not set +# CONFIG_DM_DELAY is not set +# CONFIG_DM_DUST is not set +# CONFIG_DM_INIT is not set +# CONFIG_DM_UEVENT is not set +# CONFIG_DM_FLAKEY is not set +CONFIG_DM_VERITY=y +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set +CONFIG_DM_VERITY_FEC=y +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_DM_INTEGRITY is not set # CONFIG_TARGET_CORE is not set # CONFIG_FUSION is not set @@ -1492,7 +1529,7 @@ CONFIG_NVRAM=y # CONFIG_RAW_DRIVER is not set # CONFIG_HANGCHECK_TIMER is not set CONFIG_TCG_TPM=y -CONFIG_HW_RANDOM_TPM=n +CONFIG_HW_RANDOM_TPM=y # CONFIG_TCG_TIS is not set # CONFIG_TCG_TIS_I2C_ATMEL is not set CONFIG_TCG_TIS_I2C_INFINEON=y @@ -2713,7 +2750,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y -# CONFIG_PROC_SYSCTL is not set +CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y # CONFIG_PROC_CHILDREN is not set CONFIG_KERNFS=y @@ -2783,6 +2820,7 @@ CONFIG_NFS_V4=y CONFIG_NFS_V4_1=y CONFIG_NFS_V4_2=y CONFIG_PNFS_FILE_LAYOUT=y +CONFIG_PNFS_BLOCK=y CONFIG_PNFS_FLEXFILE_LAYOUT=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_1_MIGRATION=y @@ -2797,6 +2835,7 @@ CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y CONFIG_SUNRPC_GSS=y CONFIG_SUNRPC_BACKCHANNEL=y +# CONFIG_SUNRPC_DEBUG is not set # CONFIG_CEPH_FS is not set # CONFIG_CIFS is not set # CONFIG_CODA_FS is not set @@ -3139,6 +3178,8 @@ CONFIG_XZ_DEC_BCJ=y # CONFIG_XZ_DEC_TEST is not set CONFIG_DECOMPRESS_XZ=y CONFIG_GENERIC_ALLOCATOR=y +CONFIG_REED_SOLOMON=y +CONFIG_REED_SOLOMON_DEC8=y CONFIG_INTERVAL_TREE=y CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y @@ -3404,6 +3445,7 @@ CONFIG_RUNTIME_TESTING_MENU=y # CONFIG_TEST_BLACKHOLE_DEV is not set # CONFIG_FIND_BIT_BENCHMARK is not set # CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set # CONFIG_TEST_UDELAY is not set # CONFIG_TEST_STATIC_KEYS is not set # CONFIG_TEST_MEMCAT_P is not set diff --git a/modules/coreboot b/modules/coreboot index 639c38e2..0671d091 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -76,7 +76,7 @@ $(eval $(call coreboot_module,4.20.1,)) # there is no point preparing another coreboot module that won't be shared with # anything. coreboot-talos_2_repo := https://github.com/Dasharo/coreboot -coreboot-talos_2_commit_hash := c8aed443c631042ad2b0326c35cd0b774752b924 +coreboot-talos_2_commit_hash := fc47236e9877f4113dfcce07fa928f52d4d2c8ee $(eval $(call coreboot_module,talos_2,)) # Similarly, purism is based on 4.21, but nothing builds against 4.21 itself